Shields Health Solutions, which provides specialty pharmacy services to hospitals and other healthcare organizations, is notifying 1,277 patients of a phishing attack that may have exposed their information.
In October 2019, Shields discovered suspicious activity in an employee's email account. After an investigation, Shields determined than an unauthorized third party had access to the employee's email account between Oct. 22-24, 2019.
Patient data that may have been exposed included names, dates of birth, medical record numbers, provider names, prescription information, clinical information, insurer names and limited claims information. No Social Security numbers or financial information was affected.
Shields said there is no evidence that patient information has been misused. However, the pharmacy provider recommends patients review any statements they receive from healthcare providers.
"We sincerely regret any concern or inconvenience this incident may cause," said Shields in an online statement. "To help prevent something like this from happening in the future, we are taking steps to further enhance the organization's data security procedures, including implementing multi-factor authentication on employee email accounts."